one of the recent ms update breaks a program we use i am able to do a uninstall for the computer effect but how can i block or hide the kb file from being re-applied
I would recommend a few things.
- Create an Open Ended Action (no expiration date) to uninstall the KB if installed. Configure the uninstall Action so that it runs any time it is relevant, as many times as needed.
- As a Master Operator, you can Globally Hide a Fixlet/Task. Hide the Fixlet’s associated with the KB article.
- If you are using Active Directory, you can create a GPO that will prevent the execution of the KB Installer.
This will not prevent someone from installing it manually or through another tool (Undows Update), but the Open Action would uninstall it almost immediately.
thanks step 3 won’t work cause not everyone get on to the network to get the gpupdate. there is not a script that could be run to simulate the action of clicking hide
The “Hide” function happens in the IEM/BigFix Console, not on the Endpoints.
If a user visits Windows Update, they can still install the unwanted update, but an Open Ended Uninstall Task Action would uninstall it very soon after they finished installing it.
@eddiet means hide the KB from Windows Update, not the console.
Also, you can deploy Local Group Policy with BigFix and it will work on any system in which BigFix works.
See this on how to block an update using a VBScript: http://serverfault.com/questions/145843/block-specific-windows-update-hotfix
The question isn’t so much how to block an update with BigFix, it is more a question of how do I block an update on the command line? If you can answer that question, you can do it with BigFix.